X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Ffunctions.php;h=25aa0e93360b1355be31ad0aba7a695c05452ee2;hp=4fcb932fcecd2503c4887d5662c04552cb99e05b;hb=b8e55a5faa25153eee1c0f55661815142041eb8d;hpb=60494e212a67fe360bfbb481eb4928480a6f379b
diff --git a/inc/functions.php b/inc/functions.php
index 4fcb932fce..25aa0e9336 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -166,7 +166,7 @@ function OUTPUT_HTML($HTML, $NEW_LINE = true) {
// Output the raw HTML code
function OUTPUT_RAW ($HTML) {
- if ((mxchange_installed) && (basename($_SERVER['PHP_SELF']) != "install.php")) {
+ if ((isBooleanConstantAndTrue('mxchange_installed')) && (basename($_SERVER['PHP_SELF']) != "install.php")) {
// Not in install-mode so strip slashes away
echo stripslashes($HTML);
} else {
@@ -273,13 +273,13 @@ function LOAD_TEMPLATE($template, $return=false, $content="") {
}
// Does the special template exists?
- if (!file_exists($file)) {
+ if ((!file_exists($file)) || (!is_readable($file))) {
// Reset to default template
$file = $BASE.$template.".tpl";
}
// Now does the final template exists?
- if (file_exists($file)) {
+ if ((file_exists($file)) && (is_readable($file))) {
// The local file does exists so we load it. :)
$tmpl_file = implode("", file($file));
@@ -298,7 +298,7 @@ function LOAD_TEMPLATE($template, $return=false, $content="") {
// Add surrounding HTML comments to help finding bugs faster
$ret = "\n".$ret."\n";
- } elseif ((IS_ADMIN()) || ((mxchange_installing) && (!mxchange_installed))) {
+ } elseif ((IS_ADMIN()) || ((isBooleanConstantAndTrue('mxchange_installing')) && (!isBooleanConstantAndTrue('mxchange_installed')))) {
// Only admins shall see this warning or when installation mode is active
$ret = "
".TEMPLATE_404."
(".basename($file).")
@@ -320,7 +320,7 @@ function LOAD_TEMPLATE($template, $return=false, $content="") {
// Output direct
OUTPUT_HTML($ret);
}
- } elseif (DEBUG_MODE) {
+ } elseif (isBooleanConstantAndTrue('DEBUG_MODE')) {
// Warning, empty output!
return "E:".$template."
\n";
}
@@ -355,7 +355,7 @@ function SEND_EMAIL($TO, $SUBJECT, $MSG, $HTML='N', $FROM="") {
// Append header
$FROM .= LOAD_EMAIL_TEMPLATE("header");
}
- } elseif (DEBUG_MODE) {
+ } elseif (isBooleanConstantAndTrue('DEBUG_MODE')) {
if (empty($FROM)) {
// Load email header template
$FROM = LOAD_EMAIL_TEMPLATE("header");
@@ -367,7 +367,7 @@ function SEND_EMAIL($TO, $SUBJECT, $MSG, $HTML='N', $FROM="") {
// Fix HTML parameter (default is no!)
if (empty($HTML)) $HTML = 'N';
- if (DEBUG_MODE) {
+ if (isBooleanConstantAndTrue('DEBUG_MODE')) {
// In debug mode we want to display the mail instead of sending it away so we can debug this part
echo "
".htmlentities(trim($FROM))." @@ -638,17 +638,11 @@ function TRANSLATE_STATUS($status) return $ret; } // -function GET_LANGUAGE() -{ - global $_COOKIE, $_GET; - - if (!empty($_GET['mx_lang'])) - { +function GET_LANGUAGE() { + if (!empty($_GET['mx_lang'])) { // Accept only first 2 chars $lang = substr($_GET['mx_lang'], 0, 2); - } - else - { + } else { // Do nothing $lang = ""; } @@ -657,39 +651,33 @@ function GET_LANGUAGE() $ret = DEFAULT_LANG; // Check GET variable and cookie - if (!empty($lang)) - { + if (!empty($lang)) { // Check if main language file does exist - if (file_exists(PATH."inc/language/".$lang.".php")) - { + if (file_exists(PATH."inc/language/".$lang.".php")) { // Okay found, so let's update cookies SET_LANGUAGE($lang); } - } - elseif (!empty($_COOKIE['mx_lang'])) - { + } elseif (!isSessionVariableSet('mx_lang')) { // Return stored value from cookie - $ret = $_COOKIE['mx_lang']; + $ret = get_session('mx_lang'); + + // Fixes a warning before the session has the mx_lang constant + if (empty($ret)) $ret = DEFAULT_LANG; } return $ret; } // -function SET_LANGUAGE($lang) -{ +function SET_LANGUAGE($lang) { global $_CONFIG; // Accept only first 2 chars! $lang = substr(SQL_ESCAPE(strip_tags($lang)), 0, 2); // Set cookie - @setcookie("mx_lang", $lang, (time() + $_CONFIG['online_timeout']), COOKIE_PATH); - - // Set array - $_COOKIE['mx_lang'] = $lang; + set_session("mx_lang", $lang); } // -function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") -{ +function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") { global $DATA, $_CONFIG, $REPLACER; // Keept for backward-compatiblity (please replace these variables against our new {--CONST--} syntax!) @@ -701,31 +689,26 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") $HTTP_USER_AGENT = getenv('HTTP_USER_AGENT'); $ADMIN = MAIN_TITLE; - if (!empty($_COOKIE['admin_login'])) - { + if (isSessionVariableSet('admin_login')) { // Load Admin data $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", - array(SQL_ESCAPE($_COOKIE['admin_login'])), __FILE__, __LINE__); + array(SQL_ESCAPE(get_session('admin_login'))), __FILE__, __LINE__); list($ADMIN) = SQL_FETCHROW($result); SQL_FREERESULT($result); } // Expiration in a nice output format - if ($_CONFIG['auto_purge'] == 0) - { + if ($_CONFIG['auto_purge'] == 0) { // Will never expire! $EXPIRATION = MAIL_WILL_NEVER_EXPIRE; - } - elseif (function_exists('CREATE_FANCY_TIME')) - { + } elseif (function_exists('CREATE_FANCY_TIME')) { // Create nice date string $EXPIRATION = CREATE_FANCY_TIME($_CONFIG['auto_purge']); - } - else - { + } else { // Display days only $EXPIRATION = round($_CONFIG['auto_purge']/60/60/24)." "._DAYS; } + switch ($template) { case "bonus-mail": // Load data for the bonus mail @@ -803,11 +786,11 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") case "back-admin": case "back-member": - $points = TRANSLATE_COMMA($DATA[10]); + $points = TRANSLATE_COMMA($DATA[10]); break; case "add-points": - $points = $_POST['points']; + $points = bigintval($_POST['points']); break; case "guest_request_confirm": @@ -816,18 +799,14 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") } // Load user's data - if ($UID > 0) - { - if (EXT_IS_ACTIVE("nickname")) - { + if ($UID > 0) { + if (EXT_IS_ACTIVE("nickname")) { // Load nickname $result = SQL_QUERY_ESC("SELECT surname, family, sex, email, nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($UID)), __FILE__, __LINE__); list($surname, $family, $sex, $email, $nick) = SQL_FETCHROW($result); SQL_FREERESULT($result); - } - else - { + } else { // Load normal data $result = SQL_QUERY_ESC("SELECT surname, family, sex, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($UID)), __FILE__, __LINE__); @@ -835,9 +814,7 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") SQL_FREERESULT($result); $nick = "---"; } - } - else - { + } else { // Neutral sex and email address is default $sex = 'N'; $email = WEBMASTER; @@ -853,40 +830,29 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") $BASE = PATH."templates/".GET_LANGUAGE()."/emails/"; // Check for admin/guest/member templates - if (strpos($template, "admin_") > -1) - { + if (strpos($template, "admin_") > -1) { // Admin template found $file = $BASE."admin/".$template.".tpl"; - } - elseif (strpos($template, "guest_") > -1) - { + } elseif (strpos($template, "guest_") > -1) { // Guest template found $file = $BASE."guest/".$template.".tpl"; - } - elseif (strpos($template, "member_") > -1) - { + } elseif (strpos($template, "member_") > -1) { // Member template found $file = $BASE."member/".$template.".tpl"; - } - else - { + } else { // Test for extension $test = substr($template, 0, strpos($template, "_")); - if (EXT_IS_ACTIVE($test)) - { + if (EXT_IS_ACTIVE($test)) { // Set extra path to extension's name $file = $BASE.$test."/".$template.".tpl"; - } - else - { + } else { // No special filename $file = $BASE.$template.".tpl"; } } // Does the special template exists? - if (!@file_exists($file)) - { + if ((!@file_exists($file)) || (!is_readable($file))) { // Reset to default template $file = $BASE.$template.".tpl"; } @@ -941,6 +907,8 @@ function MAKE_TIME($H, $M, $S, $stamp) } // function LOAD_URL($URL, $addUrlData=true) { + global $CSS, $_CONFIG, $link, $db, $footer; + // Check if http(s):// is there if ((substr($URL, 0, 7) != "http://") && (substr($URL, 0, 8) != "https://")) { // Make all URLs full-qualified @@ -1221,12 +1189,12 @@ function GEN_RANDOM_CODE($length, $code, $uid, $DATA="") $data = $code.":".$uid.":".$DATA; // Add more additional data - if (isset($_COOKIE['u_hash'])) $data .= ":".$_COOKIE['u_hash']; - if (isset($GLOBALS['userid'])) $data .= ":".$GLOBALS['userid']; - if (isset($_COOKIE['lifetime'])) $data .= ":".$_COOKIE['lifetime']; - if (isset($_COOKIE['mxchange_theme'])) $data .= ":".$_COOKIE['mxchange_theme']; - if (isset($_COOKIE['mx_lang'])) $data .= ":".$_COOKIE['mx_lang']; - if (isset($GLOBALS['refid'])) $data .= ":".$GLOBALS['refid']; + if (isSessionVariableSet('u_hash')) $data .= ":".get_session('u_hash'); + if (isset($GLOBALS['userid'])) $data .= ":".$GLOBALS['userid']; + if (isSessionVariableSet('lifetime')) $data .= ":".get_session('lifetime'); + if (isSessionVariableSet('mxchange_theme')) $data .= ":".get_session('mxchange_theme'); + if (isSessionVariableSet('mx_lang')) $data .= ":".GET_LANGUAGE(); + if (isset($GLOBALS['refid'])) $data .= ":".$GLOBALS['refid']; // Calculate number for generating the code $a = $code + _ADD - 1; @@ -1998,7 +1966,9 @@ function ADD_URL_DATA($URL) // function generatePassString($passHash) { global $_CONFIG; - $ret = "*FAILED*"; + + // Return vanilla password hash + $ret = $passHash; // Is a secret key and master salt already initialized? if ((!empty($_CONFIG['secret_key'])) && (!empty($_CONFIG['master_salt']))) { @@ -2019,6 +1989,7 @@ function generatePassString($passHash) { $start += 4; $newHash .= $mod; } + //* DEBUG: */ die($passHash."
".$newHash." (".strlen($newHash).")"); $ret = generateHash($newHash, $_CONFIG['master_salt']); } @@ -2033,8 +2004,8 @@ function FIX_DELETED_COOKIES ($cookies) { // Then check all cookies if they are marked as deleted! foreach ($cookies as $cookieName) { // Is the cookie set to "deleted"? - if ((isset($_COOKIE[$cookieName])) && ($_COOKIE[$cookieName] == "deleted")) { - unset($_COOKIE[$cookieName]); + if (get_session($cookieName) == "deleted") { + set_session($cookieName, ""); } } } @@ -2082,6 +2053,63 @@ function DISPLAY_PARSING_TIME_FOOTER() { LOAD_TEMPLATE("footer_stats", false, $content); } +// Unset/set session variables +function set_session ($var, $value) { + global $CSS; + // Abort in CSS mode here + if ($CSS == 1) return true; + + // Trim value and session variable + $var = trim(SQL_ESCAPE($var)); $value = trim($value); + + // Is the session variable set? + if (("".$value."" == "") && (isSessionVariableSet($var))) { + // Remove the session + //* DEBUG: */ echo "UNSET:".$var."=".get_session($var)."
\n"; + unset($_SESSION[$var]); + return session_unregister($var); + } elseif (("".$value."" != "") && (!isSessionVariableSet($var))) { + // Set session + //* DEBUG: */ echo "SET:".$var."=".$value."
\n"; + $_SESSION[$var] = $value; + return session_register($var); + } + + // Return always true if the session variable is already set. + // Keept me busy for a longer while... + //* DEBUG: */ echo "IGNORED:".$var."=".$value."
\n"; + return true; +} +// Check wether a boolean constant is set +// Taken from user comments in PHP documentation for function constant() +function isBooleanConstantAndTrue($constname) { // : Boolean + $res = false; + if (defined($constname)) $res = (constant($constname) === true); + return($res); +} + +// Check wether a session variable is set +function isSessionVariableSet($var) { + return (isset($_SESSION[$var])); +} + +// Returns wether the value of the session variable or NULL if not set +function get_session($var) { + if (!isset($_SESSION)) session_start(); + + // Default is not found! ;-) + $value = null; + + // Is the variable there? + if (isSessionVariableSet($var)) { + // Then get it secured! + $value = SQL_ESCAPE($_SESSION[$var]); + } + + // Return the value + return $value; +} + // ////////////////////////////////////////////// // //